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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

1 . (Original) A method of enforcing authorization in a shared process 
between at least two parties comprising: 

identifying a sender of a message requesting an action as part of the shared 
process; 

determining the party of the sender; 

associating the sender's party with a business relationship between the 
sender's party and the receiver's party as defined by an electronic contract, without 
relying on a trusted third party to provide a common rooted key hierarchy; 

identifying terms and conditions of the electronic contract corresponding to 
the shared process; and 

verifying that the requested action corresponds to the terms and conditions 
and is allowable for the shared process by the sender. 

2. (Original) The method of claim 1 , wherein verifying comprises at least one 
of using roles to determine that requested actions are sanctioned under the 
electronic contract, using digital certificates to determine processing systems 
implementing requested actions are authorized by the parties, and using public keys 
of the parties to verify adherence to the electronic contract. 

3. (Original) The method of claim 1 , wherein the electronic contract binds 
public keys for each of the parties with sub-processes of the shared process. 

4. (Original) The method of claim 1 , wherein at least a portion of the 
electronic contract is digitally signed by the at least two parties with their respective 
public keys prior to the sender sending the message. 
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5. (Currently amended) The method of claim 1, wherein the shared process 
is defined by a descript i ve extended markup language (XML) . 

6. (Original) The method of claim 1, wherein verifying comprises qualifying 
semantics of security related decisions affecting the shared process using 
information from the electronic contract. 

7. (Original) An article comprising: a storage medium having a plurality of 
machine readable instructions, wherein when the instructions are executed by a 
processor, the instructions provide for enforcing authorization in a shared process 
between at least two parties by identifying a sender of a message requesting an 
action as part of the shared process, determining the party of the sender, 
associating the sender's party with a business relationship between the sender's 
party and the receiver's party as defined by an electronic contract, without relying on 
a trusted third party to provide a common rooted key hierarchy, identifying terms and 
conditions of the electronic contract corresponding to the shared process, and 
verifying that the requested action corresponds to the terms and conditions and is 
allowable for the shared process by the sender. 

8. (Original) The article of claim 7, wherein the electronic contract binds 
public keys for each of the parties with sub-processes of the shared process. 

9. (Original) The article of claim 7, wherein the electronic contract is digitally 
signed by the at least two parties with their respective public keys prior to the sender 
sending the message. 

10. (Original) An electronic contract associating at least two parties with a 
shared process comprising: 

a first section to specify at least one party, other than the at least two parties, 
that represents a name space corresponding to a domain of cryptographic keys; 
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a second section to associate the at least two parties liable under the 
electronic contract with a public key of a cryptographic key pair from the domain for 
each of the at least two parties, without relying on a trusted third party to provide a 
common rooted key hierarchy; 

a third section to provide at least one of mapping of role names and sub- 
processes of the shared process; and 

a fourth section to allow each of the at least two parties to digitally sign at 
least a portion of the electronic contract with a private key of the cryptographic key 
pair for each of the at least two parties. 

1 1 . (Original) The electronic contract of claim 10, further comprising a fifth 
section to specify information identifying at least one of the electronic contract and 
current revision level. 

12. (Original) The electronic contract of claim 10, wherein the first section 
specifies a security standard used for unambiguous references to process 
definitions, protocols and names from which syntax and semantics of shared 
processes are derived. 

13. (Original) The electronic contract of claim 10, wherein the second section 
comprises at least one of a contract identifier, validity period, creation date, and 
contact information of the at least two parties. 

14. (Original) The electronic contact of claim 10, wherein the third section 
comprises information to specify syntax and semantics of role names. 

15. (Original) The electronic contract of claim 10, further comprising a sixth 
section defining ancillary services used in support of the shared process. 



4 



09/784,941 

16. (Original) The electronic contract of claim 15, wherein the ancillary 
services comprise saving archives relating to use of the shared process by the at 
least two parties. 

17. (Original) The electronic contract of claim 15, wherein the ancillary 
services comprise performing audits relating to use of the shared process by the at 
least two parties. 

18. (Original) The electronic contract of claim 15, wherein the ancillary 
services comprise timestamping the electronic contract. 

19. (Original) The electronic contract of claim 15, wherein the sixth section 
specifies a party, other than the at least two parties, that provides the ancillary 
services to the at least two parties as part of the shared process. 
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